From 99541278d9caa72c891b2ae3f4d4e7389eb5a0e6 Mon Sep 17 00:00:00 2001
From: James Bunton <jamesbunton@delx.net.au>
Date: Sat, 31 Oct 2015 10:57:59 +1100
Subject: [PATCH] reboot-no-passphrase for systems with LUKS encrypted root
 filesystems

---
 systemd/system/disable-crypto_keyfile.service | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 systemd/system/disable-crypto_keyfile.service

diff --git a/systemd/system/disable-crypto_keyfile.service b/systemd/system/disable-crypto_keyfile.service
new file mode 100644
index 0000000..7959532
--- /dev/null
+++ b/systemd/system/disable-crypto_keyfile.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Disable /root/crypto_keyfile.bin on every boot
+After=basic.target
+
+[Service]
+Type=oneshot
+ExecStart=cryptsetup luksRemoveKey /dev/disk/by-uuid/%i /crypto_keyfile.bin
+SuccessExitStatus=2
+
+[Install]
+WantedBy=basic.target
-- 
2.39.2